Certification Governance

28.3.1. TQS Committee Composition

The TQS Committee is a standing body that oversees the operation, management, and development of the TQS certification system. It is established under the TIENIPIA Technical Standards Committee and manages the entire lifecycle of certification, from standard establishment to certification issuance and post-certification management.

28.3.1.1. Committee Composition

The TQS Committee is composed of the following members.

Position	Headcount	Qualification Requirements	Term
Chairperson	1	Chief Technology Officer or Principal Engineer	2 years
Backend Member	1-2	5+ years of backend development experience	1 year
Frontend Member	1-2	5+ years of frontend development experience	1 year
Infrastructure Member	1-2	5+ years of infrastructure/DevOps experience	1 year
Security Member	1	3+ years of information security experience or relevant certification	1 year
External Advisor	1-2	Domain expert (external)	1 year

The Chairperson oversees committee decision-making and holds final approval authority over certification issuance and revocation. Domain-specific members conduct technical audits for their respective categories and participate in the establishment and revision of standards for their domains.

28.3.1.2. External Advisors

External advisors are invited from outside the organization to ensure objectivity and expertise of the certification system. The roles of external advisors are as follows.

• They provide advice on industry trends and technology developments during standard establishment and revision.
• They offer independent opinions on disputed audit results.
• They review the alignment of the certification system with international standards.

External advisors do not hold voting rights and are limited to providing advisory opinions. However, during appeal audits, the opinions of external advisors must be heard as a mandatory requirement.

28.3.1.3. Member Appointment and Dismissal

Member appointment follows the procedures below.

• The Chairperson is appointed by the CEO.
• Domain-specific members are recommended by the Chairperson and appointed with majority consent of existing members.
• External advisors are recommended by the Chairperson and commissioned through committee resolution.

Member dismissal proceeds when the following grounds apply.

• Three or more consecutive absences from committee duties
• Violation of conflict of interest prevention regulations
• Breach of confidentiality obligations
• Loss of member qualification requirements

---

28.3.2. Committee Roles and Authority

The TQS Committee holds responsibility and authority over the entire operation of the TQS certification system.

28.3.2.1. Standard Establishment and Revision

The TQS Committee holds authority over the establishment, revision, and abolition of TQS standards.

• New standards for emerging technology domains may be established.
• Existing standards may be modified or supplemented.
• Standards that are no longer valid may be abolished.
• The establishment and revision of standards must follow the prescribed procedures (see Section 28.3.3).

28.3.2.2. Audit Execution

The TQS Committee plans, executes, and determines the results of certification audits.

• Audit schedules are established and audit committee members are assigned.
• Domain-specific members conduct technical audits for their respective categories.
• Consensus on audit results is reached and determinations are made.
• Audit results are finalized with majority consent of the members.

Audits proceed in two stages: document review and technical audit. The document review confirms checklist compliance, and the technical audit verifies the actual code and configurations.

28.3.2.3. Certification Issuance and Revocation

The TQS Committee holds authority over the issuance and revocation of certifications.

• Certification is issued for projects that pass the audit.
• Certification may be revoked for projects that violate certification conditions.
• Prior to certification revocation, the project team must be notified in advance and given an opportunity to respond.

Grounds for certification revocation are as follows.

Revocation Grounds	Procedure
Discovery of unmet mandatory items	Revocation if not remediated within 30 days after corrective action request
Security incident occurrence	Immediate certification suspension, restoration or revocation decision after re-audit
Fraudulent use of TQS Mark	Revocation if not corrected after warning
Non-compliance within grace period after TQS standard change	Revocation upon grace period expiration

28.3.2.4. Appeal Audit

Project teams may file for an appeal audit if they have objections to the audit results.

• Appeals must be submitted within 14 days from the date of audit result notification.
• The appeal audit is conducted by an Appeal Audit Committee composed of members who did not participate in the original audit.
• The opinions of external advisors must be heard as a mandatory requirement.
• The appeal audit result is the final determination, and re-appeal on the same matter is not permitted.

---

28.3.3. Standard Establishment and Revision Procedures

The establishment and revision of TQS standards follow a five-stage procedure. This procedure is designed to ensure the quality of standards and sufficiently reflect the opinions of stakeholders.

28.3.3.1. Stage 1: Proposal

Standard establishment and revision may be proposed by the following parties.

• TQS Committee members
• Project team leaders
• Internal developers (written proposal to the committee)

Proposals must include the following content.

Item	Content
Proposal Background	Reason why standard establishment or revision is needed
Scope of Change	Affected standard items and scope
Expected Benefits	Expected improvements resulting from the change
Impact Analysis	Impact on existing certified projects

28.3.3.2. Stage 2: Review

The TQS Committee receives and reviews the proposal.

• The committee must complete the review within 14 days of receiving the proposal.
• The review result is determined as one of "Accepted," "Revision Requested," or "Rejected."
• A standard draft is prepared for accepted proposals.
• The standard draft is led by the relevant domain member and undergoes review by related members.

28.3.3.3. Stage 3: Public Comment Period

The standard draft is published internally for comment collection.

• The standard draft must be published on the internal technical portal for a minimum of 14 days.
• All developers may submit comments.
• The committee analyzes the collected comments and decides whether to incorporate them into the standard draft.
• Reasons are disclosed for comments that are not incorporated.

If significant changes are required during the comment period, an additional comment period (minimum 7 days) is granted for the revised draft.

28.3.3.4. Stage 4: Resolution

The committee votes on the final standard incorporating the results of the comment period.

• Resolution is confirmed with a quorum of majority of registered members present and majority vote of attending members.
• Resolution results are recorded and preserved in meeting minutes.
• Rejected standard proposals may be revised and resubmitted or discarded.

28.3.3.5. Stage 5: Promulgation

Resolved standards are promulgated according to the following procedures.

• The promulgation date must be within 7 days from the resolution date.
• Promulgated standards are published on the internal technical portal and the TQS standards website.
• A grace period (3 months) is granted to existing certified projects upon standard changes.
• The standard version is updated simultaneously with promulgation.

---

28.3.4. Conflict of Interest Prevention

To ensure the fairness and credibility of TQS certification, the following conflict of interest prevention regulations are applied.

28.3.4.1. Prohibition of Self-Project Audits

Members must not audit projects in which they are directly participating or have participated within the last 6 months. This regulation applies to the following circumstances.

• When the member participated as a developer, designer, or manager of the project
• When the member participated in code reviews for the project
• When the member belongs to the same department as the project team

The relevant member must proactively declare any conflict of interest during audit assignment. Failure to declare constitutes grounds for member dismissal.

28.3.4.2. Cross-Audit Principle

The cross-audit principle is applied to ensure audit objectivity.

• A minimum of 2 members must conduct the audit for a single project.
• Audit members must belong to different departments.
• Rotation assignment is implemented to prevent the same member from auditing the same project for 3 or more consecutive times.

When cross-audit results yield differing determinations between members, the Chairperson assigns additional members to reach a final determination.

28.3.4.3. Audit Result Disclosure

The following items are disclosed to ensure transparency of audit results.

Disclosed Item	Disclosure Scope	Disclosure Timing
Certification issuance records	Company-wide	Immediately upon certification issuance
Audit result summary	Relevant project team	Within 3 business days after audit completion
Detailed audit feedback	Relevant project team	Within 5 business days after audit completion
Certification revocation records	Company-wide	Immediately upon revocation decision
Standard establishment/revision history	Company-wide	Immediately upon promulgation

Individual determinations by audit members are not disclosed. This is to ensure the independent judgment of members. However, when necessary during the appeal audit process, information may be shared exclusively with the Appeal Audit Committee.

28.3.4.4. Confidentiality

TQS Committee members bear a confidentiality obligation regarding the project's technical information, source code, security configurations, and other information obtained during the audit process.

• Information obtained during the audit must not be used for purposes other than the audit.
• Source code of the audited project must not be duplicated or disclosed externally.
• Members must sign a confidentiality agreement upon assuming their position.
• The confidentiality obligation is maintained for 1 year after the member's term ends.